Major Wall Street institutions were cracked wide open by a phishing scam from FIN4, a hacker group that, unlike its competition, can write convincingly and employs some basic smarts about why people open attachments.

Effective January 17, all research funded in whole or in part by the Bill and Melinda Gates Foundation must be published in journals that are immediately free-to-access, under a Creative Commons Attribution-only license.

Microsoft's internal network has begun censoring Torrentfreak, an excellent investigative journalism site that reports on file-sharing, censorship, copyright and Internet regulation around the world. Torrentfreak, which does not host or link to infringing files, is identified as a "security policy violation" by Microsoft's corporate spyware/censorware, supplied by Edge. Microsoft employees who try to read the site are shown a message that says, "The requested resource has been blocked as an identified risk to your client and the Microsoft corporate network."

Microsoft read the email of Hotmail users without a warrant, in order to catch someone who'd leaked some Microsoft software. When they were caught out, they pointed out that they'd always reserved the right to read Hotmail users' email, and tried to reassure other Hotmail users by saying that they were beefing up the internal process by which they decided whose mail to read and when.

Now, citing the "'post-Snowden era' in which people rightly focus on the ways others use their personal information," the company has announced that it will not read its users' email anymore when investigating theft or copyright violations -- instead, it will refer this sort of thing to the police in future (they still reserve the right to read your Hotmail messages without a court order under other circumstances).

As Techdirt's Mike Masnick points out, this is a most welcome change. The message announcing the change by Brad Smith (General Counsel & Executive Vice President, Legal & Corporate Affairs) is thoughtful and forthright. It announces a future round-table on the questions raised by the company's snooping that the Electronic Frontier Foundation can participate in.

Smith asks a seemingly rhetorical question: "What is the best way to strike the balance in other circumstances that involve, on the one hand, consumer privacy interests, and on the other hand, protecting people and the security of Internet services they use?" That is indeed a fascinating question, but in the specific case of Hotmail, I feel like it has a pretty obvious answer: change your terms of service so that you promise not to read your customers' email without a court order. Then, if you think there's a situation that warrants invading your customers' privacy, get a court order. This is just basic rule-of-law stuff, and it's the kind of thing you'd hope Microsoft's General Counsel would find obvious.

The fact that the question is being raised casts more light on Microsoft's extensive "Scroogled" campaign, which (rightly) took Google to task for having a business-model that was predicated on harvesting titanic amounts of personal data. The takeaway here is that while Microsoft's business-model (at the moment) is less privacy-invading than Google's, that is not due to any inherent squeamishness about spying on people -- rather, it's just a practical upshot of its longstanding practices.

Microsoft's "Scroogled" campaign (no relation) boastfully compared Hotmail's privacy framework to Gmail's, condemning Google for "reading your mail." Now, Microsoft has admitted that it scoured the Hotmail messages belonging to the contacts of a suspected leaker in order to secure his arrest, and points out that Hotmail's terms of service have always given Microsoft the right to read your personal mail for any of a number of nebulously defined, general reasons.

The company says that it had an undisclosed "rigorous process" to determine when it is allowed to read and publish your private email. In a statement, it sets out what the process will be from now on (though it doesn't say what the process has been until now) and vows to include the instances in which it reads its users' mail in its transparency reports, except when it is secretly reading the Hotmail accounts of people who also work for Microsoft.

Here's a PGP tool that claims to work with Hotmail, and would theoretically leave your Hotmail messages unreadable to Microsoft, though the company could still mine your metadata (subject lines, social graph, etc).

Freeweibo, an anti-censorship organization that works on free speech issues in China, has discovered that the Chinese version of Microsoft's Bing search-engine censors its US version to match the censored results that would be shown within China. Search terms such as "Dalai Lama, June 4 incident (how the Chinese refer to the Tiananmen Square protests of 1989), Falun Gong and FreeGate" return results dominated by censored Chinese news outlets like Baidu Baike and Chinese state broadcaster CCTV. The same searches run on the English version of Bing return pages from Wikipedia, BBC, the New York Times, etc.

Google's Chinese-language competitor displays much more parity between the Chinese and English editions -- the Chinese Google results for controversial subjects include Chinese articles from the BBC and Wikipedia.

"Bing does not apply China's legal requirements to searches conducted outside of China," Bing Senior Director Stefan Weitz notes in a prepared statement. "Due to an error in our system, we triggered an incorrect results-removal notification for some searches noted in the report, but the results themselves are and were unaltered outside of China."

As of 10PM Pacific on 12 Feb, many of the "controversial" search terms still generate results pages dominated by Chinese state media.

Charlie Stross really, really hates Microsoft Word. So much so that he's written a 1600-word essay laying out the case for Word as a great destroyer of creativity, an agent of anticompetitive economic destruction, and an enemy of all that's decent and right in the world. It's actually a pretty convincing argument.

As the astonishing news that the NSA spent $250M/year on a sabotage program directed against commercial security systems spreads, more details keep emerging. A long and interesting story on Mashable includes an interview with Peter Biddle, an ex-Microsoft security engineer who worked extensively on BitLocker, a full-disk encryption tool with a good reputation that was called into question by the latest leaks. Biddle (disclosure: a friend of mine) describes how he was approached to add a backdoor to BitLocker, and how he rebuffed various government agencies.

Yesterday, Microsoft announced a $900 million writedown triggered by the failure of their Surface tablets. According to David Gilbert at the International Business Times, this means there are about six million unsold tablets in inventory, shortly to flood the market at deep discounts. What should we do with these? Jailbreak 'em, install a free/open operating system, and use them as control systems for projects too complex for Raspberry Pi or Arduino? (via /.)

As the specifications for Microsoft's upcoming Xbox One have emerged, more and more gamers have expressed, forcefully, their dismay at the developing picture of a console that is totally built around DRM, taking away cherished customer rights like lending or selling their games. Microsoft has stubbornly refused to acknowledge that this might even be a problem (see their talking points memo for an example of the lengths the company was prepared to go to in order to dodge this question), but the pressure appears to have built to a breaking point. Yesterday, the company abruptly announced a complete 180° reversal from its rigid DRM commitment, such that the Xbox One will have about the same level of DRM as its predecessor, the Xbox 360 (which, it must be said, is DRMed up to the eyeballs).

“After a one-time system set-up with a new Xbox One,” Xbox executive Don Mattrick wrote in a blog post, “you can play any disc based game without ever connecting online again. There is no 24 hour connection requirement and you can take your Xbox One anywhere you want and play your games, just like on Xbox 360.” Mattrick added that Xbox One would be region-free; any Xbox One disc would function in any Xbox One console.

Additionally, Mattrick wrote, players will be able to “trade-in, lend, resell, gift, and rent disc based games just like you do today. There will be no limitations to using and sharing games, it will work just as it does today on Xbox 360.”

Microsoft's new Xbox One will ship with region-locks that divide the world; yours will only work if it connects to the DRM server from one of 21 selected countries. The countries include some, but not all, EU nations, which is almost certainly illegal under the EU's strict common market rules. Here's hoping that Redmond gets a punitive fine big enough to clobber the program and scare the shit out of any other company contemplating similar idiocy.

Notably this "region coding" splits up the EU - most countries are in but some are out - and it also excludes Poland, the development home of The Witcher game series, a title Microsoft touted in its E3 launch presentation. Yes, that's right, the developers of this Xbox launch title will not be able to play the game they developed. I generally find it wise to assume that Microsoft are not stupid, but whatever their plan is, it's eluding me here. Sony was quick to announce that its competitive product, the PS4, would not be region-locked.

Kotaku's Luke Plunkett delves into a newly disclosed Microsoft patent that covers spying on people in their homes using cameras attached to their TVs, in order to levy fines against them for allowing too many people to watch movies at once:

Basically, when you buy or rent something like a movie, you’ll only be granted a “license” for a certain number of people to watch it. If Kinect detects more people in the room than you had a licence for, it can stop the movie, and even charge you extra.
So if Microsoft has its way, you won’t just be renting movies any more. You’ll have to decide how many people are watching, and no doubt pay more. And if one extra person turns up to your movie night? So help you God, you are going to pay.

Of course, big companies patent all sorts of stupid ideas, many of which never get incorporated into products. But hey, now you know that researchers at Microsoft sit around spitballing ideas like, "Wouldn't it be awesome to spy on our customers in their homes so that we could fine them for having too many people over to watch movies? Wonder if anyone in Hollywood would give us preferential access to movies if we could promise them that they could do nose-counts of people in their own homes?"